IdentityIQ vs IdentityNow

SailPoint has two major IAM solutions - IdentityNow and IdentityIQ. Learn more about each offering to make the right decision for your needs.

Topic : Authentication, Cyber Security, IAM

May 27, 2022

SailPoint IdentityIQ

IdentityIQ is a governance-based Identity and Access Management (IAM) system that is deployed on premises (on-prem) which delivers quick and simple access to keep corporate users productive.
It combines provisioning and compliance management into a single platform that uses a common identity governance structure.

IdentityIQ Components

IdentityIQ Compliance Manager:

Provides for the automation of access certifications, policy administration, and audit reporting in order to speed compliance operations and increase identity governance effectiveness.
Key Features-

Maintains continuous compliance by reviewing user access
Enforces policies that prevent inappropriate access
Ensures audit-readiness and demonstrates compliance

IdentityIQ Lifecycle Manager:

Manage access changes via user-friendly, self-service requests and lifecycle events for quick, automated access distribution to users.
Key Features-

Empowers users to request and manage access to resources
Automation of user lifecycle management from onboarding to termination
Detects changes in a user’s role and automatically adjust access

IdentityIQ Password Manager:

Provides an intuitive self-service interface for users to manage their password without the need for helpdesk calls.
Key features-

Enables users to manage and reset their own passwords
Enforces strong password policies across all applications

IdentityIQ File Access Manager:

File Access Manager introduces a new evolution in how enterprises protect access to files containing sensitive information.
Key features-

Secures sensitive data stored on-premises and in the cloud with a comprehensive identity governance strategy
Addresses access issues such as sensitive or overexposed data and implements the right access controls prior to migrating applications and data to the cloud
Identifies critical compliance gaps and implements preconfigured policies designed to address regulatory requirements
Empowers owners to govern their data by granting and managing access through pre-defined corporate policies and identity context for improved business productivity

SailPoint IdentityNow

IdentityNow is an open Identity-as-a-Service (IDaaS) solution that enables businesses to expand their workforce, enter new markets, adopt new technologies, innovate quickly, and compete on a global scale – safely and confidently.
It can also be integrated with on-premise infrastructure and offers password management, provisioning, single sign-on, and access certification for mobile, cloud, and on-premises apps.

IdentityNow Components

Access Request

The Access Request service lets an organisation determine the access options available for users and how those options are reviewed, approved, or denied.
Key features-

Limits the risk of insider access through distributed security accountability by creating a suitable security policy requiring department heads to enforce
Improves productivity and growth through automated processes in place, allowing focus on strategic projects instead of ticket fulfilment, without compromising security
Users can request access as per their specific needs on an extremely granular level or with large sets of access in the form of roles

Certifications

Certifications allow designated people, such as managers or system owners, to review users’ access to enterprise systems and data.
Key features-

Certifiers determine whether the access is appropriate for those users or should be revoked
Improves an organisation’s data security by reducing inappropriate access and satisfying audit and regulatory requirements

Password Management

Password Management simplifies password administration and updates across IdentityNow account sources and applications. It is used to enforce consistent and strong password policies across a wide variety of apps and sources to increase company security.
Key features-

Enforcement of consistent and strong password requirements for different sources using password policies
Management of password change shared by multiple direct connect sources and the connected apps simultaneously by using sync groups
Configuration of advanced options such as using a password dictionary and accessing Password Management using URLs

Provisioning

Provisioning enables the creation, updating, and removal of user access across an organisation and its applications. This is determined based on factors such as hiring employment status and job requirements, and can be configured to happen automatically.
Key features-

Enables a secure remote workforce with access to all essential applications
Quick onboarding for new users with the tools and access needed on day one
Automatic modification of access as users change roles in the organisation
Validation of access and approvals with detailed audit trails explaining how access was handled, even during times of change
Automation of routine access changes and user lifecycle management to improve efficiency and reduce errors

Separation of Duties

Separation of Duties (SoD) service provides visibility into everyone’s access in an organisation to easily track violations of set internal policies, generate reports of violations for remediation and maintain a clear view of an organisation’s access patterns.
Key features-

Provides an internal control to mitigate risk by correcting violations that surface
Visualisation of an organisation’s risk by leveraging governance data to see the riskiest access combinations

Comparison of IdentityIQ and IdentityNow

	IdentityIQ	IdentityNow
Platform	IdentityIQ is a comprehensive on-premises IAM software.	IdentityNow is the SaaS solution (Software-as-a-Service) to IdentityIQ.
Purpose	IdentityIQ has been developed to handle complex environments with multiple integrations.	IdentityNow was designed to be an elemental yet dominant, cost-effective IDaaS solution, with minimal software or hardware to deploy.
Use Case	IdentityIQ is most appropriate for companies with a strong requirement for customisation and for index requests in “role” and “entitlement” based configurations.	IdentityNow focuses on consumer usability by giving users simple, intuitive ways to manage their day to day needs, from accessing cloud and internal web apps, requesting and reviewing access or resetting passwords.
Deployment	IdentityIQ can be deployed on-premises, on a cloud platform through AWS or Azure, or on a cloud managed service.	IdentityNow is a SaaS deployment, only requiring the setup of Virtual Appliance (VA) clusters on-premises.
Cost effectiveness	IdentityIQ requires infrastructure investment and the assistance of IAM staff for continuous upgradation and maintenance.	IdentityNow comes with common core components, giving customers the option to subscribe for additional features a-la-carte through identity security cloud packages. The customer only pays for the features availed.
Return on Investment	IdentityIQ projects require longer deployment phases and the ROI takes over an extended period of time.	IdentityNow projects have shorter deployment phases due to the cloud infrastructure available and the ROI is much quicker.

How SecurDI can help

SailPoint has developed the fastest-growing IAM tools that help an organisation to access and manage user and company data. With IdentityIQ and IdentityNow, customers can securely configure and manage their identity stores to improve the onboarding experience and certify the appropriate access for their employees.

At SecurDI, our team of trained IAM professionals will help pick and implement the right IAM vendor solution for your organisational needs.

Authored by Kartik Bagade

Featured image by slidesgo / Freepik